Quantum surveillance and 'shared secrets'. A biometric step too far? CEPS Liberty and Security in Europe, July 2010

It is no longer sensible to regard biometrics as having neutral socio-economic, legal and political impacts. Newer generation biometrics are fluid and include behavioural and emotional data that can be combined with other data. Therefore, a range of issues needs to be reviewed in light of the increasing privatisation of ‘security’ that escapes effective, democratic parliamentary and regulatory control and oversight at national, international and EU levels, argues Juliet Lodge, Professor and co-Director of the Jean Monnet European Centre of Excellence at the University of Leeds, U

Establishing Privacy Advisory Commissions for the Regulation of Facial Recognition Systems at the Municipal Level

As facial recognition systems (FRS) become widely available, a growing number of local governing bodies across the country have adopted these technologies. Without regulating how and when these technologies are used, the adoption of FRS by municipal governments has the potential to violate civil liberties and disproportionately harm marginalized groups. FRS may be an invaluable tool for law enforcement; however, best practices must be adopted to curb their misuse, specifically at the municipal level. We propose that cities considering procurement of FRS create an independent privacy advisory commission with a clear mandate, guaranteed cooperation from local government, technology expertise, and community stakeholder input

Efficient Verifiable Computation of XOR for Biometric Authentication

This work addresses the security and privacy issues in remotebiometric authentication by proposing an efficient mechanism to verifythe correctness of the outsourced computation in such protocols.In particular, we propose an efficient verifiable computation of XORingencrypted messages using an XOR linear message authenticationcode (MAC) and we employ the proposed scheme to build a biometricauthentication protocol. The proposed authentication protocol is bothsecure and privacy-preserving against malicious (as opposed to honest-but-curious) adversaries. Specifically, the use of the verifiable computation scheme together with an homomorphic encryption protects the privacy of biometric templates against malicious adversaries. Furthermore, in order to achieve unlinkability of authentication attempts, while keeping a low communication overhead, we show how to apply Oblivious RAM and biohashing to our protocol. We also provide a proof of security for the proposed solution. Our simulation results show that the proposed authentication protocol is efficient

Cloud Services with A Biometric Authentication Method And Privacy Protection

In recent years, biometric identification has grown in popularity. With the rise of cloud computing, database owners are compelled to outsource huge amounts of biometric data and identification chores to the cloud in order to save money on storage and processing, but this poses a risk to users' privacy. We provide a biometric identification outsourcing method that is both efficient and private. Biometric information is encrypted and sent to a cloud server. The database owner encrypts the query data before sending it to the cloud to perform biometric identification. The cloud conducts ID operations over the encrypted database and provides the results to the owner of the database. A careful security analysis shows that the approach suggested is safe even if attackers can make identity requests and collaborate with the cloud. The suggested system provides higher performance in both preparation and identification operations in comparison with the prior protocols

Privacy-preserving query processing over encrypted data in cloud

The query processing of relational data has been studied extensively throughout the past decade. A number of theoretical and practical solutions to query processing have been proposed under various scenarios. With the recent popularity of cloud computing, data owners now have the opportunity to outsource not only their data but also data processing functionalities to the cloud. Because of data security and personal privacy concerns, sensitive data (e.g., medical records) should be encrypted before being outsourced to a cloud, and the cloud should perform query processing tasks on the encrypted data only. These tasks are termed as Privacy-Preserving Query Processing (PPQP) over encrypted data. Based on the concept of Secure Multiparty Computation (SMC), SMC-based distributed protocols were developed to allow the cloud to perform queries directly over encrypted data. These protocols protect the confidentiality of the stored data, user queries, and data access patterns from cloud service providers and other unauthorized users. Several queries were considered in an attempt to create a well-defined scope. These queries included the k-Nearest Neighbor (kNN) query, advanced analytical query, and correlated range query. The proposed protocols utilize an additive homomorphic cryptosystem and/or a garbled circuit technique at different stages of query processing to achieve the best performance. In addition, by adopting a multi-cloud computing paradigm, all computations can be done on the encrypted data without using very expensive fully homomorphic encryptions. The proposed protocols\u27 security was analyzed theoretically, and its practicality was evaluated through extensive empirical results --Abstract, page iii